Doug,
Douglas Otis wrote:
> The revocation record would be self-published within their domain in the same fashion as the keys. If the task of publishing the revocation records proves too burdensome, they could delegate the revocation zone to a provider ...

So you need a different mechanism to distribute those revocation lists to the provider when they're too big/quickly changing for me to manage in my own domain. Is that what you mean? If so, which protocol is used for that? If that's an intrinsic part of your opaque-identifier scheme, then it'd have to be specified at the same time or else we'd have an unacceptable scaling issue, right?

Please make the answers as short as the questions, e.g. if the answer is "TBD" then that's enough information for now :-)

Stephen.

_______________________________________________
ietf-dkim mailing list
http://dkim.org
